Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon
On Fri, Oct 31, 2008 at 03:49:24AM -0700, Jeffrey Altman wrote:[color=blue]
> Jonathan Barber wrote:[color=green]
> > After downloading putty from here:
> > [url]http://web.mit.edu/jaltman/Public/putty-0.59-with-gssapi.zip[/url]
> This version is known to be buggy and should have been deleted from
> that location long ago. It now has been.[/color]
That would explain that.
> > and copying the dll's from the MIT NetIDMgr install to
> > C:\Windows\system32,[/color]
> Why are you copying DLLs from the installer directory to \WINDOWS\System32?
> Application binaries do not belong there.[/color]
Prior to that, we were getting errors including references to SSPI,
presumably because putty wasn't picking up the MIT DDLS.
> > we get the following message from putty when we try
> > to connect to a kerberised ssh server:
> > Event Log: GSSAPI error: Unspecified GSS failure. Minor code may provide more information
> > Event Log: GSSAPI mech specific error: Cannot resolve network address for KDC in requested realm
> > The same ssh server works fine from a linux client with the same
> > principal.[/color]
> the problem is not your ssh server, its the putty client.[/color]
Yes, I'd reached that conclusion. The comment was there to rule out the
possibility that people might think that the issue was in the underlying
> Secure Endpoints provides gss putty clients that work (for 32-bit and
> 64-bit windows)
> to its clients.[/color]
How is this available?
We don't have any particular preference WRT ssh clients, putty was just
choosen as our test as it's what we have used in the past.
> Jeffrey Altman
> Secure Endpoints Inc.[/color]
High Performance Computing Analyst
Tel. +44 (0) 1382 386389